A vulnerability was found in lepture Mistune up to 3.2.x and classified as problematic. Affected by this vulnerability is the function safe_url of the component HTMLRenderer. The manipulation results in HTML injection.

This vulnerability is identified as CVE-2026-59923. The attack can be executed remotely. There is not any exploit available.